What are the dangers of Facebook cloaking? Is it simply a case of someone being capable of seeing information that...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
the user wouldn't necessarily want them to see, or are there more devious attacks that the method will expose?
Ask the expert!
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
There are two common types of Facebook cloaking. The first is used for potentially illicit search engine optimizing. The second is the more current version that was reported by Technology Review regarding how to make it difficult to be unfriended on Facebook. Facebook responded to the Technology Review report within 48 hours by deploying a modification to its user interface. So, while this may have been an issue, it has been resolved for now.
That second method of cloaking involved deactivating a Facebook account so that users could not remove the account from their "friends" list. This attack required a user to accept an account's friend request before the cloaker could then deactivate the account. At the time of the research, users couldn't unfriend deactivated accounts. This meant that an attacker could enable an account to download all of the content on a user's profile, then disable their account again before someone unfriended them.
Given that many users publish their Facebook updates as public and that few users ever clean up their friends list, it seems that just a few users could have been targeted by a Facebook cloaking attack. This was an important issue that needed a quick resolution because users should be able to remove accounts from their friends list regardless of the status of an account. That said, given Facebook's popularity, it's likely that attackers will continue to find and exploit similar flaws.
The bottom line is that this incident is just the latest wake-up call to remind users that constant vigilance is needed to guard against creative attackers constantly seeking to violate their privacy. If users are concerned enough about their security after this exposure to take steps to enhance their Facebook privacy and avoid security issues such as Facebook cloaking, they should be easily encouraged to use Facebook's privacy settings.
Dig Deeper on Social media security risks
Related Q&A from Nick Lewis
Cross-platform malware enables attackers to leverage their attacks using infected Microsoft Word docs. Expert Nick Lewis explains how the attacks ...continue reading
How was the ATMitch malware able to loot cash machines, then delete itself? Expert Nick Lewis explains how the fileless malware works and how it ...continue reading
DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.